Emotet_Feodo_IOC's_15-06-2018

1. #Emotet #Feodo #Banking #Trojan #Malware
2. ----------------------------------------------
3. 15-06-2018 IOC's
4. ----------------------------------------------
5. Main object- "ups-invoice-uscan-066M6846_7.doc"
6. sha256 c945b58818a11af53b96cebb450f4558251d5164503608eec161e86f2e21a8d7
7. sha1 122bfceb3603a58c95925499aca640513581b053
8. md5 08f50f502b66b496fda8cb6b0b69386a
9. Dropped executable file
10. sha256 C:\Users\admin\AppData\Local\Temp\416674.exe b1bf9557f76b74ecc63989d0d43b13bf2980973b1455af0923e852577e382913
11. DNS requests
12. domain www.ikuznetsoff.ru
13. Connections
14. ip 52.109.88.5
15. ip 2.16.186.97
16. ip 52.109.88.10
17. ip 13.107.5.88
18. ip 52.109.112.33
19. ip 52.109.76.36
20. ip 108.51.20.17
21. ip 31.31.196.195
22. ip 2.18.232.50
23. ip 2.16.4.178
24. ip 2.16.186.74
25. ip 2.18.233.62
26. HTTP/HTTPS requests
27. url http://108.51.20.17/
28. url hxxp://www.ikuznetsoff.ru/MQ1qJe5Mjc/
29. hxxp://www.anton.pskovhelp.ru/bALVX4cW/
30. hxxp://www.redridgeumc.org/ hxxp://www.bilginerotoekspertiz.com/ZOfBFx7/
31. hxxp://www.admin.searchlowestprice.com/G8W0S5EWs/